[ubuntu/oneiric] refpolicy 2:0.2.20100524-9ubuntu1 (Accepted)

Angel Abad angelabad at ubuntu.com
Tue May 17 13:00:19 UTC 2011 

refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/control: drop "selinux" conflict (Debian bug 576598)

refpolicy (2:0.2.20100524-9) unstable; urgency=low

  * Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
    previous version.  Getting gnome (gconfd) policy to work correctly is too
    hard for Squeeze.
  * Allow user_t to talk to xdm_var_run_t sockets so switch user can work.
  * Allow mailman_mail_t to read /dev/urandom and usr_t files
  * Allow xenconsoled_t capability sys_tty_config and create unix_dgram_socket
  * Allow iodine_t to read /proc/filesystems
  * Allow jabber_t to write it's fifos, process set/getsched, connect to
    generic tcp ports, and bind to udp ports.
  * Label /var/lib/sudo as pam_var_run_t
  * Allow sshd_t to read gitosis files.
  * Made the gitosis label apply to /srv/gitosis.
  * Allow webalizer to read usr_t files for geoip database.
  * Allow user_t and staff_t consolekit_dbus_chat() access so they can
    determine their session status - necessary to login in KDE sometimes.
  * Label ~/.gnupg/gpg.conf as user_home_t and allow user_t to list directories
    of type gpg_secret_t so gpg-agent can start.
  * Allow gpg_agent_t to launch a user session and send sigchld to xdm_t
  * Allow user_ssh_agent_t to send sigchld to xdm_t and allow it to run the
    gpg agent.
  * Add new paths for chromium-browser to support the version in unstable,
    needed for backports.
  * Allow user_mail_t to transition to postfix_master_t for postalias, confined
    by roles.  Uses domain_system_change_exemption() for user_mail_t via
    postfix_domtrans_master() which isn't ideal.

Date: Tue, 17 May 2011 14:44:24 +0200
Changed-By: Angel Abad <angelabad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Angel Abad <angelabad at gmail.com>
https://launchpad.net/ubuntu/oneiric/+source/refpolicy/2:0.2.20100524-9ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 May 2011 14:44:24 +0200
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source
Version: 2:0.2.20100524-9ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Angel Abad <angelabad at ubuntu.com>
Description: 
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Changes: 
 refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low
 .
   * Merge from debian unstable.  Remaining changes:
     - debian/control: drop "selinux" conflict (Debian bug 576598)
 .
 refpolicy (2:0.2.20100524-9) unstable; urgency=low
 .
   * Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
     previous version.  Getting gnome (gconfd) policy to work correctly is too
     hard for Squeeze.
   * Allow user_t to talk to xdm_var_run_t sockets so switch user can work.
   * Allow mailman_mail_t to read /dev/urandom and usr_t files
   * Allow xenconsoled_t capability sys_tty_config and create unix_dgram_socket
   * Allow iodine_t to read /proc/filesystems
   * Allow jabber_t to write it's fifos, process set/getsched, connect to
     generic tcp ports, and bind to udp ports.
   * Label /var/lib/sudo as pam_var_run_t
   * Allow sshd_t to read gitosis files.
   * Made the gitosis label apply to /srv/gitosis.
   * Allow webalizer to read usr_t files for geoip database.
   * Allow user_t and staff_t consolekit_dbus_chat() access so they can
     determine their session status - necessary to login in KDE sometimes.
   * Label ~/.gnupg/gpg.conf as user_home_t and allow user_t to list directories
     of type gpg_secret_t so gpg-agent can start.
   * Allow gpg_agent_t to launch a user session and send sigchld to xdm_t
   * Allow user_ssh_agent_t to send sigchld to xdm_t and allow it to run the
     gpg agent.
   * Add new paths for chromium-browser to support the version in unstable,
     needed for backports.
   * Allow user_mail_t to transition to postfix_master_t for postalias, confined
     by roles.  Uses domain_system_change_exemption() for user_mail_t via
     postfix_domtrans_master() which isn't ideal.
Checksums-Sha1: 
 284306f38cbe71bc5be8a0ef3b827936152efe5f 1621 refpolicy_0.2.20100524-9ubuntu1.dsc
 8bc266a3377b153d330a4451da22943438ec1895 117117 refpolicy_0.2.20100524-9ubuntu1.diff.gz
Checksums-Sha256: 
 6d131978a56b26958687c092455e4933e9b551cf8cc8fb445370514083a127c8 1621 refpolicy_0.2.20100524-9ubuntu1.dsc
 4abe2e3ab7825b027842b3d91e67b1133c7b91f0697a9c975be78d0324557000 117117 refpolicy_0.2.20100524-9ubuntu1.diff.gz
Files: 
 8dc2583030194420ab4dd6df021b8a13 1621 admin optional refpolicy_0.2.20100524-9ubuntu1.dsc
 0322ad01a9edc7fbd14e210bff81dcf5 117117 admin optional refpolicy_0.2.20100524-9ubuntu1.diff.gz
Original-Maintainer: Russell Coker <russell at coker.com.au>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3ScTEACgkQCY2uR+47wnlgxgCbBYsRaEqD///p8czCrYlyscN7
ckcAnAg+6tlb72OC3uhjLagqw9ySsRec
=+4C3
-----END PGP SIGNATURE-----

More information about the Oneiric-changes mailing list